Analysis
max time kernel: 143s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-12-2023 16:25

Static task: static1
Behavioral task: behavioral1
  Sample: 059049a5e8d72bf04d76a7b17eb4641b.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 059049a5e8d72bf04d76a7b17eb4641b.exe
  Resource: win10v2004-20231215-en
General
Target: 059049a5e8d72bf04d76a7b17eb4641b.exe
Size: 5.9MB
MD5: 059049a5e8d72bf04d76a7b17eb4641b
SHA1: a64b1bdf77f21e91bb4b73462981a67d16dd2aff
SHA256: 3b4bf24ffce8eae9c7b6f0758301ca8f44facfbbfc11eb86ae97c08a152eaa62
SHA512: 73195aa63fe24fba5f69f9db6def2374beb284fd0c2edf087fa0b0be16534ccd26aed49fcb2ac0a717fb1cd9fdea5f3f654b9835b3f8b21c69007042019bc79a
SSDEEP: 49152:ouwWvwROFCD0u0i/l+wcce3A9oGljNLfUGaonPg4WvwROFCD0u0i/l2jtb3mu+ch:ZcKkdPKVAaIMcxwY2sa
Malware Config
Signatures
Drops desktop.ini file(s) (4 IoCs)
description / ioc / Process:
File created  \??\c:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini  059049a5e8d72bf04d76a7b17eb4641b.exe
File opened for modification  \??\c:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini  059049a5e8d72bf04d76a7b17eb4641b.exe
File created  \??\c:\Program Files\desktop.ini  059049a5e8d72bf04d76a7b17eb4641b.exe
File opened for modification  \??\c:\Program Files\desktop.ini  059049a5e8d72bf04d76a7b17eb4641b.exe
Drops file in Program Files directory (64 IoCs)
Program crash (1 IoC)
pid 4300 (WerFault.exe), pid_target 2532, procid_target 88
Processes
C:\Users\Admin\AppData\Local\Temp\059049a5e8d72bf04d76a7b17eb4641b.exe (PID 2532)
  command line: "C:\Users\Admin\AppData\Local\Temp\059049a5e8d72bf04d76a7b17eb4641b.exe"
  signatures: Drops desktop.ini file(s); Drops file in Program Files directory
  child: C:\Windows\SysWOW64\WerFault.exe (PID 4300)
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 584
    signatures: Program crash
C:\Windows\SysWOW64\WerFault.exe (PID 220)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2532 -ip 2532
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.6MB
MD5: 47aab6390f73dd1f1028a18e085fed22
SHA1: 60efd7c70188e1aaf7b01d740708964a89475c5b
SHA256: 2ca717b6ca434a66e1e9c83f3deed8fc6b5c82073055f879ab823b405bb6a1e6
SHA512: 6dd1e89b4a665892ded09b858d9907861c80159f88722f7ff2ad04279d596f2ea3b0b41ed1138b53e78f19ca9bfacef2f0045a6f6d7305226c954ef19f744e19

Filesize: 5B
MD5: b5b682b742431a52ea8b17c72ad9c572
SHA1: 326320f469235708c59f678c9a7357dca552d306
SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163